<%@ page language="java" pageEncoding="UTF-8"%>

<%@page import="java.util.Date"%>
<%@page import="org.owasp.esapi.HTTPUtilities"%>
<%@page import="org.owasp.esapi.ESAPI"%>
<%@page import="org.owasp.esapi.User"%>

<%@include file="../../header.jsp" %>
<%
	// do some simulate transfer money
	String cash = request.getParameter("cash");
	String to = request.getParameter("to");	
	String userToken = (String)request.getSession(false).getAttribute("ESAPIUserSessionKey");
%>

<form action="transferMoney.do" method="post">
  Transfer cash: <input type="text" name="cash"/><br/>
  To: <input type="text" name="to"/><br />
  <input type="hidden" name="<%=HTTPUtilities.CSRF_TOKEN_NAME%>" value="<%=userToken%>"/>
  <input type="submit" value="Submit" />
</form>
<%@include file="../../footer.jsp" %>